Applicable to:
- Plesk for Linux
Question
How to create an SSL/TLS certificate for a domain via REST API?
Answer
Note: Replace 203.0.113.2 and ce8b9a38-4410-XXX with the required server IP address and API key from step 2 in exactly the same way as all the custom settings in the commands below.
Note: In step 2, the API key should be generated from the Plesk server where the request for creating a certificate is run.
-
Connect to the server via SSH.
-
Generate an API key:
# curl -k -X POST --user admin:"<password>" -H "Content-Type: application/json" -H "Accept: application/json" -d"{}" "https://203.0.113.2:8443/api/v2/auth/keys"
or
# plesk bin secret_key -c -ip-address 203.0.113.2
-
Issue a certificate:
-
Create an SSL/TLS certificate using csr/key/cert files:
# curl -k -X POST -H "X-API-Key: ce8b9a38-4410-. . ." -H "Content-Type: application/json" -H "Accept: application/json" "https://<Server_IP>:8443/api/v2/cli/certificate/call" -d '{ "params": ["--create", "<Certificate_name>", "-domain", "example.com", "-csr-file", "/path/to/server.csr", "-key-file", "/path/to/server.key"]}'
The `--create` command requires concomitant use of one of the following combinations of options:-
-csr-file <file name> -key-file <file name>
-
-csr-file <file name> -key-file <file name> -cert-file <file name>
-
-csr-file <file name> -key-file <file name> -cert-file <file name> -cacert-file <file name>
-
-key-file <file name> -cert-file <file name> -cacert-file <file name>
-
-key-file <file name> -cert-file <file name>
-
-
If it's required to issue a Let's Encrypt certificate (e.g. for domain example.com including webmail):
# curl -k -X POST -H "X-API-Key: ce8b9a38-4410-. . ." -H "Content-Type: application/json" -H "Accept: application/json" "https://<Server_IP>:8443/api/v2/cli/extension/call" -d '{ "params": ["--exec", "letsencrypt", "cli.php", "-d", "example.com", "-d", "webmail.example.com", "-m", "jdoe@example.com"]}'
-
Comments
1 comment
I assumed the certificate files would be on the computer you run the curl command on , however I get the error
"stderr": "Unable to create certificate \"mycert-2023-2024\": file privkeyfile.key dose not exist"
Do the files need to be in some shared store on the server or in a folder in the domain's folder?
Please sign in to leave a comment.